MISTPEN

According to Mandiant, MISTPEN is a lightweight backdoor written in C whose main functionality is to download and execute Portable Executable (PE) files. The backdoor is a modification of the open-source Notepad++ binhex plugin v2.0.0.1 where the creation of a thread that executes the malicious code has been added to the DllMain function.

Family metadata imported from Malpedia (Fraunhofer FKIE).